UCF STIG Viewer Logo

Mainframe Products must audit nonlocal maintenance and diagnostic sessions audit events as defined in site security plan.


Overview

Finding ID Version Rule ID IA Controls Severity
V-68421 SRG-APP-000409-MFP-000257 SV-82911r1_rule Medium
Description
If events associated with nonlocal administrative access or diagnostic sessions are not logged and audited, a major tool for assessing and investigating attacks would not be available. This requirement addresses auditing-related issues associated with maintenance tools used specifically for diagnostic and repair actions on organizational information systems. This requirement applies to hardware/software diagnostic test equipment or tools. This requirement does not cover hardware/software components that may support information system maintenance, yet are a part of the system (e.g., the software implementing "ping," "ls," "ipconfig," or the hardware and software implementing the monitoring port of an Ethernet switch).
STIG Date
Mainframe Product Security Requirements Guide 2016-04-18

Details

Check Text ( C-68953r1_chk )
If the Mainframe Product has no function or capability for nonlocal maintenance this is not applicable.

Examine installation and configuration settings.

If the Mainframe Product does not audit the nonlocal maintenance and diagnostic sessions audit events defined in site security plan using external security manager files and/or SMF records, this is a finding.
Fix Text (F-74537r1_fix)
Configure the Mainframe Product to audit the nonlocal maintenance and diagnostic sessions audit events defined in site security plan using external security manager files and/or SMF records.